snakekeylogger | 905300b48359955081191b071358e62de4d41f9b8a8358e26866179022d66a40

General

Target

905300b48359955081191b071358e62de4d41f9b8a8358e26866179022d66a40.exe
Size

1.0MB
Sample

241106-dqdt7atdpf
MD5

f20cc2c5d542b7437e9dada8b6d6378c
SHA1

e417e5fa9c10838e05294ee09bba462ef0111f06
SHA256

905300b48359955081191b071358e62de4d41f9b8a8358e26866179022d66a40
SHA512

9b036545bc54754df16740dbbd3c5ff35f77d25bd1db90a7336ff3d5452d6e092b834470abbc2dd4f7f04e3df613fe74ae1fe5d382115df4d603cf3e7ee24f14
SSDEEP

24576:ffmMv6Ckr7Mny5QLQpioCHNIzbY/0Eutv:f3v+7/5QLZfoE0EuR

Score

10^/10

Malware Config

Extracted

Family

snakekeylogger

C2

https://api.telegram.org/bot7952998151:AAFh98iY7kaOlHAR0qftD3ZcqGbQm0TXbBY/sendMessage?chat_id=5692813672

Targets

- Target
  
  905300b48359955081191b071358e62de4d41f9b8a8358e26866179022d66a40.exe
- Size
  
  1.0MB
- MD5
  
  f20cc2c5d542b7437e9dada8b6d6378c
- SHA1
  
  e417e5fa9c10838e05294ee09bba462ef0111f06
- SHA256
  
  905300b48359955081191b071358e62de4d41f9b8a8358e26866179022d66a40
- SHA512
  
  9b036545bc54754df16740dbbd3c5ff35f77d25bd1db90a7336ff3d5452d6e092b834470abbc2dd4f7f04e3df613fe74ae1fe5d382115df4d603cf3e7ee24f14
- SSDEEP
  
  24576:ffmMv6Ckr7Mny5QLQpioCHNIzbY/0Eutv:f3v+7/5QLZfoE0EuR
Score

10^/10

snakekeylogger discovery keylogger stealer
- Snake Keylogger
  Keylogger and Infostealer first seen in November 2020.
  stealer keylogger snakekeylogger
- Snake Keylogger payload
- Snakekeylogger family
  snakekeylogger
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- AutoIT Executable
  AutoIT scripts compiled to PE executables.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

1

T1082

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Snake Keylogger

Snake Keylogger payload

Snakekeylogger family

Looks up external IP address via web service

AutoIT Executable

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2